Buy it online: Buy USB2 Sniffer

• XC7A35T Artix 7 Series FPGA
• FT601 USB 3.0 w/ 5Gbps bandwidth
• 256MB DDR3 RAM
• 2 High Speed USB ULPI
• USB MUX for active/passive switching
• 2 RGB LEDs

• USB2 Sniffing
• USB2 MitM
• FaceDancer-like attacks
• High Speed USB IP design…

USB2Sniffer is a hardware-based sniffer. This is different than a software-only sniffer (For ex. Wireshark):

Software-only limitations:

• Capture is done at a higher level (URB)
• Depends on the host PC hardware USB controller
• Can only monitor USB traffic from/to the host PC

Hardware-based sniffer capabilities:

• Capture is done at the wire level (DP/DM).
• Ability to capture low level events such as: VBUS states, Speed negotiation Chirps, NAK or Incomplete transactions, PING, SPLIT, Start of Frames (SOF), errors, retransmissions, etc.
• Non intrusive: ULPI PHY are set to passive (non driving, no pull-up, no pull-down) mode and have no effect on the monitored USB bus.
• Accurate timings: each data byte or bus event is timestamped with a 60 MHz timestamp clock (16 ns precision)
• Capture between any host/device: a phone and its accessory, embedded systems, etc.

We provide open source FPGA gateware and GUI software for USB2 Sniffing scenario.

Other use cases (USB MiTM, Facedancer like, etc.) are not supported by the current gateware/software.

To build the gateware follow instructions as explained in README here:

• https://github.com/lambdaconcept/usbsniffer

Short instructions:

git clone git@github.com:lambdaconcept/usbsniffer.git
cd usbsniffer
python usbsniffer.py
openocd -f openocd/openocd.cfg

Alternatively precompiled versions are available for download:

• https://github.com/lambdaconcept/usbsniffer/releases

mkdir -p build/gateware/
cp ~/Downloads/top.bin build/gateware/
openocd -f openocd/openocd.cfg

Refer to JTAG+Serial Programmer and OpenOCD sections for additional information regarding SPI flash programming

Qt5-based open source GUI software for USB2 sniffer.

• Real time USB2 capture. Data is streamed to the GUI
• USB transaction grouping in tree view
• Filtering incomplete / NAK transactions
• Hexdump / Ascii detailed packet view
• Full ULPI RxCmd dump
• User selectable capture speed: LS/FS/HS
• Capture file format compatible with ITI1480A device. See https://github.com/vpelletier/ITI1480A-linux/blob/master/iti1480a/parser.py#L124
• Portable Linux / Windows

For performance reason we wrote our own ft60x driver for Linux.

• https://github.com/lambdaconcept/ft60x_driver

In short:

git clone git@github.com:lambdaconcept/ft60x_driver.git
cd ft60x_driver
make
sudo insmod ft60x.ko

No driver required on Windows, FTDI D3XX library is provided with the software.

• https://github.com/lambdaconcept/usb2sniffer-qt

Or download precompiled versions:

• https://github.com/lambdaconcept/usb2sniffer-qt/releases